Latest Yiiframework Vulnerabilities

CVE-2023-50708
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
composer/yiisoft/yii2-authclient<=2.2.14
Yiiframework Yii2-authclient<2.2.15
CVE-2023-50714
The Oauth2 PKCE implementation is vulnerable
composer/yiisoft/yii2-authclient<2.2.15
Yiiframework Yii2-authclient<2.2.15
CVE-2023-47130
Unsafe deserialization of user data in yiisoft/yii
composer/yiisoft/yii<1.1.29
Yiiframework Yii<1.1.29
CVE-2022-31454
** DISPUTED ** Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 ...
Yiiframework Yii=2.0.45
CVE-2023-26750
** DISPUTED ** SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software ...
Yiiframework Yii>=2.0.0<=2.0.47
CVE-2020-36655
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.
Yiiframework Gii<2.2.2
CVE-2022-34297
Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.
Yiiframework Gii<=2.2.4
CVE-2022-41922
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
Yiiframework Yii<1.1.27
CVE-2021-3692
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
Yiiframework Yii>=2.0.0<2.0.43
CVE-2021-3689
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
Yiiframework Yii>=2.0.0<2.0.43
CVE-2020-15148
### Impact Remote code execution in case application calls `unserialize()` on user input containing specially crafted string. ### Patches 2.0.38 ### Workarounds Add the following to BatchQueryRes...
composer/yiisoft/yii2<2.0.38
Yiiframework Yii<2.0.38
composer/yiisoft/yii2<2.0.38
<2.0.38
CVE-2018-20745
Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfi...
Yiiframework Yii>=2.0<=2.0.15.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203